The FBI has recently released an urgent alert about a Microsoft 365 phishing scam run by hackers known as Kali365.
This scam targets Microsoft 365 users, which means anyone using Teams, Outlook, or OneDrive may be at risk.
The phishing scam's goal is to deceive victims into giving up their OAuth device codes.
Hackers can then use these codes to bypass multifactor authentication and gain access to Microsoft accounts.
To protect yourself, keep your OAuth tokens private.
What the scam looks like
If Kali365 targets you, you will receive a phishing email. It will look like it came from an official document-sharing service.
It will include a device code and instructions for verification.
The email impersonates trusted cloud productivity and document-sharing services.
It contains a device code and instructs the user to visit a genuine Microsoft verification page and enter that code.
Once the code is entered, the scammer captures the resulting OAuth access and refresh tokens, which grant access to the targeted individual's or organisation's Microsoft 365 account.
With this access, the scammer can also reach other Microsoft 365 services, such as Outlook, Teams, and OneDrive.
How to protect yourself
To avoid falling for this scam, the best thing you can do is remain alert to any phishing emails.
However, this is often easier said than done.
The FBI’s warning includes some technical advice for staying secure.
You might consider creating a conditional access policy to block device code flow for all users.
The FBI also points to guidance on blocking authentication transfer.
Blocking authentication transfer prevents anyone with unauthorised access from carrying their authenticated session over to another device.
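Both of the FBI's suggestions can be implemented in a single Entra ID Conditional Access policy. The script below is an added example, not code from the FBI alert or this article; it assumes the Microsoft Graph PowerShell SDK is installed, the admin running it holds the Policy.ReadWrite.ConditionalAccess permission, and the placeholder group id is replaced with your own emergency-access group.

```powershell
# Added example: one Conditional Access policy that blocks both the device code flow
# and authentication transfer for every user and every cloud app.
# Assumes Microsoft.Graph.Identity.SignIns is installed (Install-Module Microsoft.Graph).
Connect-MgGraph -Scopes "Policy.ReadWrite.ConditionalAccess"

$policy = @{
    displayName = "Block device code flow and authentication transfer"  # assumed name
    # Start in report-only mode so sign-in logs show who would have been blocked;
    # change to "enabled" once legitimate device-code users (e.g. shared devices) are reviewed.
    state       = "enabledForReportingButNotEnforced"
    conditions  = @{
        users = @{
            includeUsers  = @("All")
            # Placeholder: object id of your break-glass / emergency access group.
            excludeGroups = @("<emergency-access-group-object-id>")
        }
        applications = @{
            includeApplications = @("All")
        }
        # Flags enum: both transfer methods named in the FBI's advice, comma-separated.
        authenticationFlows = @{
            transferMethods = "deviceCodeFlow,authenticationTransfer"
        }
    }
    grantControls = @{
        operator        = "OR"
        builtInControls = @("block")
    }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy

# Read the policy back to confirm the authentication-flow condition was stored as intended.
$check = Get-MgIdentityConditionalAccessPolicy -ConditionalAccessPolicyId $created.Id
"Policy '{0}' state={1} transferMethods={2}" -f $check.DisplayName, $check.State,
    $check.Conditions.AuthenticationFlows.TransferMethods
```

If your tenant's v1.0 endpoint does not yet expose the authenticationFlows condition, the same body works with New-MgBetaIdentityConditionalAccessPolicy from the Microsoft.Graph.Beta module.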